Ledger Crypto Wallet Breach Results in Theft of Over $610,000

Malicious Code Inserted Through Phishing Attack on Former Employee

Ledger, a cryptocurrency wallet maker, has reported a security breach that led to the theft of over half a million dollars in cryptocurrency.
The breach was caused by malicious code that was slipped into one of Ledger's JavaScript libraries, Connect Kit.
The malicious code was uploaded by an unauthorized party who gained access to Ledger's NPM registry account through a phishing attack on a former employee.
The compromised file, known as a 'crypto drainer', was live for about five hours and active for about two hours, during which over $610,000 worth of crypto tokens were stolen.
Ledger has since addressed the attack, identified the attacker's blockchain address, and released a safe version of the Ledger Connect Kit.